Ronsi: a Framework for Calculating Return on Network Security Investment

No Thumbnail Available

Date

2023

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Springer

Open Access Color

OpenAIRE Downloads

OpenAIRE Views

Research Projects

Organizational Units

Thumbnail Image
Organizational Unit
Information Systems Engineering
Information Systems is an academic and professional discipline which follows data collection, utilization, storage, distribution, processing and management processes and modern technologies used in this field. Our department implements a pioneering and innovative education program that aims to raise the manpower, able to meet the changing and developing needs and expectations of our country and the world. Our courses on current information technologies especially stand out.
Thumbnail Image
Organizational Unit
Computer Engineering
(1998)
The Atılım University Department of Computer Engineering was founded in 1998. The department curriculum is prepared in a way that meets the demands for knowledge and skills after graduation, and is subject to periodical reviews and updates in line with international standards. Our Department offers education in many fields of expertise, such as software development, hardware systems, data structures, computer networks, artificial intelligence, machine learning, image processing, natural language processing, object based design, information security, and cloud computing. The education offered by our department is based on practical approaches, with modern laboratories, projects and internship programs. The undergraduate program at our department was accredited in 2014 by the Association of Evaluation and Accreditation of Engineering Programs (MÜDEK) and was granted the label EUR-ACE, valid through Europe. In addition to the undergraduate program, our department offers thesis or non-thesis graduate degree programs (MS).

Journal Issue

Events

Abstract

This competitive environment is rapidly driving technological modernization. Sophisticated cyber security attacks are expanding exponentially, inflicting reputation damage and financial and economic loss. Since security investments may take time to generate revenues, organizations need more time to convince top management to support them. Even though several ROSI techniques have been put out, they still need to address network-related infrastructure. By addressing gaps in existing techniques, this study delivers a comprehensive framework for calculating Return on Network Security Investment (RONSI). The proposed framework uses a statistical prediction model based on Bayes' theorem to calculate the RONSI. It is validated by Common Vulnerability Security Systems (CVSS) datasets and compared to existing studies. The results demonstrate that the annual loss is reduced to 75% with the proposed RONSI model after implementing a security strategy, and the proposed model is compared with existing studies. An organization can effectively justify investments in network-related infrastructure while enhancing its credibility and dependability in the cutthroat marketplace.

Description

Koyuncu, Murat/0000-0003-1958-5945;
ORCID
Koyuncu, Murat ORCID logo

Keywords

Return on network security investment (ROSI), Cyberattack, Network security, Bayesian approach, Investment decisions

Turkish CoHE Thesis Center URL

Fields of Science

Citation

WoS Q

Q3

Scopus Q

Q2

Source

Volume

84

Issue

4

Start Page

533

End Page

548

URI

https://doi.org/10.1007/s11235-023-01039-9
 https://hdl.handle.net/20.500.14411/2168

Collections

WOS
Scopus